From: Henry_Waldock@mtsg.ubc.ca
Message-Id: <1516894@mtsg.ubc.ca>
I am a Canadian law student with a BSc in Computer Science. I'm
doing a paper on computer viruses and the Criminal Law.
When the Canadian Parliament considered computer mis-use, viruses
were not a problem, but the legislation they produced isn't bad. (I
will attach a copy at the end of this message.) They created a kind
of "trespass to information" which they called "unauthorized access
to a computer system", and a kind of "vandalism to information",
which they called "unauthorized alteration or destruction of
computerized data". My major criticism is that they didn't
explicitly criminalize the unauthorized consumption of computer
resources. While the language they chose may not suit your purposes
exactly, the three concepts of
1) unauthorized access to services (and data),
2) unauthorized consumption of services, and
3) unauthorized alteration/destruction of data
should cover most forms of computer abuse.
If you define the purposes for which a user is _authorized_ to use
his or her own account/equipment, you can limit even private
commercial usage.
See also the California Penal Code s.502, and the Pennsylvania 18
PA Cons. Stat. Amm s. 3933.
(Note that these are the old section numbers. The Canadian Criminal
Code was re-numbered on Jan 1, 1989.)
The Canadian Criminal Code
301.2?(1) Every one who fraudulently and without color of right
(a) obtains, directly or indirectly, any computer service,
(b) by means of an electormagnetic, acoustic, mechanical or other
device, intercepts or causes to be intercepted, directly or
indirectly, any function of a computer system, or
(c) causes to be used, directly or indirectly, a computer system
with intent to commit an offence under paragraph (a) or (b) or an
offence under section 387 in relation to data or a computer system
is guilty of an indictable offence and is liable to imprisonment for
a term not exceeding ten years, or is guilty of an offence
punishable on summary conviction.
(2) In this section,
"computer program" means data representing instructions or
statements that, when executed in a computer system, causes the
computer system to perform a function;
"computer service" includes data processing and the storage or
retrieval of data;
"computer system" means a device that, or a group of interconnected
or related devices one or more of which,
(a) contains computer programs or other data, and
(b) pursuant to computer programs,
(i) performs logic and control, and
(ii) may perform any other function;
"data" means representations of information or of concepts that are
being prepared or have been prepared in a form suitable for use in a
computer system;
"electromagnetic, acoustic, mechanical or other device" means any
device or apparatus that is used or is capable of being used to
intercept any function of a computer system, but does not include a
hearing aid used to correct subnormal hearing of the user to not
better than normal hearing;
"function" includes logic, control, arithmetic, deletion, storage
and retrieval and communication or telecommunication to, from or
within a computer system;
"intercept" includes listen to or record a function of a computer
system, or acquire the substance, meaning or purport thereof.
387. ... (1.1) Every one commits mischief who wilfully
(a) destroys or alters data;
(b) renders data meaningless, useless or ineffective;
(c) obstructs, interrupts or interferes with the lawful use of
data; or
(d) obstructs, interrupts or interferes with any person in the
lawful use of data or denies access to data to any person who is
entitled to access thereto.
(8) In this section, "data" has the same meaning as in section
301.2.